2014 LENOVO. All rights reserved.
Introduction
– What's new in this offering
– Value proposition
– Positioning and product support
Capabilities
– Features summary
– TMM vs TSM
– Support for 3rd party management consoles
What to Sell
Additional resources
System Status Monitoring and Error Reporting
Sensor Coverage
Configuring Platform Event Filters
Configuring TSM
Network Configuration
Security Features
User Authentication
Inventory and FRU Reporting
Updating
Power Management
ThinkServer System Manager
Architecture and Management Interfaces
Network Connections
Management Interfaces
– Web Server
– Virtual Console
– Virtual Media
– IPMI
– DCMI
– PowerShell CLI
– SMASH
– Serial Console Redirection
– SNMP
New …
– Completely redesigned systems management subsystem for fifth-generation ThinkServer systems
– Browser-based GUI
– HTML5 – suitable for mobile devices and tablets
– Easy to navigate user interface to quickly view system conditions
– PowerShell CLI provides increased flexibility and scripting capabilities
… and Improved
– Sensor coverage
– FRU inventory coverage and reporting
Includes
– Comprehensive system level monitoring and alerting
– Power monitoring and management controls supporting Lenovo Energy Manager
– Advanced authentication and security features
– Dedicated or shared network port
ThinkServer System Manager Premium adds remote access with Virtual Console and Virtual Media, and activates ThinkServer Energy Manager license
Introducing ThinkServer System Manager
Fully featured management solution built on open industry standards
Reduce TCO by increasing server administrators' productivity
– Remotely perform most functions that otherwise require a visit to the server
Increase overall server availability
Operates independently of server
– Operational regardless of system's state (e.g. server is powered off, or an operating system is not installed or is not functioning)
Proven Value of Server Management with TSM
As part of any server systems management infrastructure, and for:
– Remote branches
– Limited access datacenters
– Customers where single remote control capability is required
Addresses key system management concerns:
– Low cost support to heterogeneous environments
– Full remote management capability
– Supports remote deployment, dynamic allocation
Available in all Lenovo 5th generation ThinkServer racks and towers
TSM Positioning and Product Support
Small Business | Remote Offices | Medium Business | Enterprise / Datacenter
Access
– Industry-standard interfaces and protocols
– IPMI 2.0
– DCMI 1.0
– SMASH-CLP
– WS-MAN
– SNMP v3 (Gets only)
– Secure HTML5 Web Browser GUI
– Serial Port Redirection
– IPMI Serial over LAN
– Server console redirection via Telnet, SSH
– PowerShell CLI
Networking Protocol Support
– ARP, DHCP, DNS, HTTP, HTTPS, ICMP, LDAP, LDAPS, SMTP, SNMP (Traps), SNMP v3 (Gets only), SNTP, SSL, SSH, VLAN, NTP, SLP, Telnet
– IP address, Host name, Subnet mask, Gateway
– Network Port Reassignments
Monitoring and Alerting
– Access to critical server settings
– Continuous health monitoring and control
– System Watchdog Timers – POST, OS heartbeat
– Automatic out-of-band notification and alerts
– Configurable PEF / PET Traps (IPMI Style)
– SNMP Traps
– SMTP (eMail)
– CIM indications
– Event logs
– IPMI System Event Log (SEL) – Time stamped events; Human Readable via the Web Interface and BIOS
– Extended SEL log for additional related information from SEL
– Audit log for administrative events
FRU monitoring available thru Web I/F, IPMI, PowerShell CLI, WS-MAN, SMASH-CLI
Remote power control (on / off / power cycle / shutdown / reset)
TSM Features Summary
Security
– Enterprise class security access protocols such as SSL, SSH, RMCP+
– User authentication and role based privileges supported through local accounts or secure connection to LDAP or Active Directory
– Firmware Firewall
Remote platform firmware updating with BIOS and TSM recovery to last known good image
Boot sequence manipulation (via IPMI)
Configurable via Web, PowerShell CLI, IPMI, WS-Man, SMASH-CLI
Save and Restore configuration to a file
Remote Presence (with TSM Premium)
– Remote Keyboard, Video, Mouse (KVM)
– Remote Media: CD-ROMs (USB, SATA); DVD-ROMs (USB, SATA); USB mass storage devices; ISO images; IMG images (create from local folders)
ThinkServer Energy Manager enablement (with TSM Premium)
– Captures power data, provides closed-loop controls to limit maximum power consumed
Capability | ThinkServer Management Module | ThinkServer System Manager
Supported Systems | 3rd and 4th generation ThinkServer, except TS130, TS140, RS140 | 5th generation ThinkServer
Supported Standards | IPMI version 2.0; DCMI 1.0 (2P racks only); SMASH-CLI (limited support); WS-MAN (limited support) | IPMI version 2.0; DCMI 1.0 (supported on all systems); SMASH-CLI (comprehensive support); WS-MAN (comprehensive support); SNMP v3 (Gets)
Secure Web Interface | Yes | Yes (mobile device optimized)
Embedded Command Line Interface | SMASH-CLI (limited support) | SMASH-CLI (comprehensive support); PowerShell
Sensor Coverage | Limited | Comprehensive
Alert Mechanisms | SNMP Traps; SMTP (eMail); CIM indications | SNMP Traps; SMTP (eMail); CIM indications
Event Logs | System Event Log (SEL) | System Event Log (SEL); Extended SEL log for additional related information from SEL; Audit log for administrative events
Power Control | Yes | Yes
Predictive Failure Analysis (PFA) support | No | Yes
Remote Presence (KVM) | w/ TMM Premium | w/ TSM Premium
Remote Media | w/ TMM Premium | w/ TSM Premium
Directory Integration (LDAP) | Yes | Yes
Active Directory Integration | No | Yes
Local User Accounts | 16 | 9
Prevention Against Hammer Attacks | Yes | No
TMM vs. TSM
Lenovo ThinkServer System Manager
– Standard on all 5th generation servers
– Complete remote access to manage, monitor, troubleshoot and repair from anywhere for maximum uptime
– Provides secure alerts and status
Lenovo ThinkServer System Manager Premium
– Optional upgrade enabled by hardware key
– Installs on motherboard
– Enables remote control and virtual media
– Activates ThinkServer Energy Manager functionality
– Option P/N 4XF0G45867
Products tested and certified to work in conjunction with the TSM
– Microsoft PowerShell
– Lenovo Management plug-in for VMware vCenter
– Lenovo Management Pack for Microsoft System Center Operations Manager (SCOM)
– ThinkServer Energy Manager
– Activated on 5th generation servers with TSM Premium
– Available for upgrade to 5th and selected 4th generation ThinkServer systems, and third party servers with Node License Packs
What to Sell
Technical Systems Overview
"Lenovo ThinkServer System Manager Overview" (whitepaper)
"Using the PowerShell CLI" (whitepaper)
Solution Center TSM Demo
Lenovo Web Content
TSM Datasheet
End-user documentation
– ThinkServer System Manager User Guide
– ThinkServer System Manager Command Line Interface User Guide
– ThinkServer Deployment Manager User Guide
Resources to Help You
Management performed by autonomous embedded microprocessor referred to as Baseboard Management Controller (BMC)
The BMC manages the interface between system management software and platform hardware
A variety of controllers, sensors, connectors, and storage components are interconnected to monitor and control the server hardware
The BMC monitors the sensors and can send alerts via the network if any parameters do not stay within preset limits, indicating a potential failure of the system
Hardware Architecture
Notes:
1. Only Mezzanine-0 Port 0 can be used for Shared Mode
2. 10 Mb/s maximum TSM bandwidth on 1 GbE Mezzanine cards
3. 100 Mb/s maximum TSM bandwidth on 10 GbE Mezzanine cards
4. Intel Mezzanine cards can lose connectivity for up to 5 seconds on
power state changes (S5, S0)
Interface | In-Band | Out-of-Band
HTTP/HTTPS Browser I/F | N/A | external LAN connection
IPMI 2.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection
DCMI 1.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection
PowerShell CLI | N/A | WS-Man over external LAN connection
WS-MAN | N/A | SOAP/HTTP over external LAN connection
SMASH-CLI | N/A | SSH/Telnet over external LAN connection
Serial Console Redirection | N/A | IPMI Serial over LAN (SOL); SSH/Telnet over LAN; external serial COM port (BIOS based)
SNMP Traps (IPMI) | N/A | external LAN connection
SNMPv3 (GETs) | N/A | external LAN connection
Management Interfaces / Protocol Support
Administrators and management software communicate
with the TSM over several physical interfaces using several
management protocols.
Interface | In-Band | Out-of-Band: LAN | Out-of-Band: Serial Port
HTTP/HTTPS Browser I/F | N/A | external LAN connection | N/A
IPMI 2.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection | "IPMI over Serial" over external Serial Port
DCMI 1.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection | "IPMI over Serial" over external Serial Port
PowerShell CLI | N/A | WS-Man over external LAN connection | N/A
WS-MAN | N/A | SOAP/HTTP over external LAN connection | N/A
SMASH-CLI | N/A | SSH/Telnet over external LAN connection | SSH/Telnet over external Serial Port
Serial Console Redirection | N/A | IPMI Serial over LAN (SOL); SSH/Telnet over external LAN connection (issue CMD from SMASH-CLI to initiate console redirection) | Terminal redirection over external serial COM port (TSM not involved; this is directly to BIOS)
SNMP Traps (IPMI) | N/A | external LAN connection | N/A
SNMPv3 (GETs) | N/A | external LAN connection | N/A
Management Interfaces / Protocol Support (Detail)
Shared – uses common network port on Mezzanine-0 with two different MAC addresses – one for Mezzanine card and one for TSM
– Any Ethernet Mezzanine card is supported
– Mezzanine port-0 is used (not customizable)
– Simplifies switch configuration and minimizes network ports
– Virtual LANs supported to provide some separation between in-band network and TMM
– 10 Mb/s maximum TSM bandwidth on 1 GbE Mezzanine cards
– 100 Mb/s maximum TSM bandwidth on 10 GbE Mezzanine cards
– Intel Mezzanine cards can lose connectivity for up to 5 seconds on power state changes (S5, S0)
Dedicated – uses separate network port
– Provides complete physical separation between Mezz-0 and TSM
– 1 Gb/s maximum TSM bandwidth
TSM Supports Shared or Dedicated Network Connectivity
Dedicated Shared / OS Available
Shared vs. Dedicated Management LAN
[Figure: production and management network connections for shared and dedicated management ports]
Shared Management Port:
• Shares management traffic with production network
Dedicated Management Port:
• Isolates management traffic from production network
TSM provides an integrated web server exposing many of the manageability features of the ThinkServer
Provides overall system status at a glance
Allows configuration of the management subsystem in a mobile friendly GUI
From the web interface, users can:
– Configure the TSM network interface and protocol settings
– Administer user access and permissions
– Configure alerts
– View system health and status
– View the System Event Log
– Remotely control power to the server
– Initiate remote console and media sessions
TSM Web Interface
Remote Virtual Console is available with the optional TSM Premium upgrade key
Enables viewing the server console from a remote computer, using the remote computer's mouse and keyboard to interact with and control the server
Server keyboard, video, and mouse (KVM) redirected over the LAN – available remotely from the embedded web server with Java JNLP
Remote Virtual Console
The "Console Launcher" tab has a button to launch the Virtual
Console. In addition to the "Launch Console" button, the tab also
presents a screenshot of the server.
Maximum number of concurrent KVM viewer sessions is 3
Remote Video
– Resolutions up to 1920 x 1200 x 32bpp @ 60Hz
– Video bandwidth can be selected to reduce network loading
Remote Keyboard / Mouse
– Keyboard Macros
– International Keyboard support
– Absolute, Relative - Mouse Modes
– Single Cursor Mode Selection
Record video or screen captures from remote display
Server Power Control
– Reset, Immediate Shutdown, Orderly Shutdown, Power On, Power Cycle available via the Remote KVM applet window
KVM transmissions can be encrypted
Local Monitor can be turned on / off in the virtual console
Virtual Media can be managed from Virtual Console
Virtual Console Features
Remote console showing ThinkServer Deployment Manager
Limit | Auto Video Recording (Post Event) | Pre-Event Video Recording (only for Crash / Reset Event)
Time Limits | 20 seconds video allowed if TSM Local Storage (RAM); 300 seconds recording allowed if Remote Storage (NFS Path) | Default 10 sec, but can be configured up to 60 sec.
Video File Count | 2 (After 2 files no more recording allowed) | 1 if local storage / 3 if remote storage. (Once max file count is reached, will delete old video file to store new.)
Video Recording Limits
Remote Media is provided with Virtual Console – available with the optional TSM Premium upgrade key
Enables logically mounting a local computer disk drive on the server – available remotely from the embedded web server with Java JNLP
A mounted disk can be used to restart the server or to install software on the server
Devices that can be virtualized include: CD-ROMs (USB, SATA), DVD-ROMs (USB, SATA), USB mass storage devices, ISO images, disk raw data files (e.g. ghost, dd), IMG images (create from local folders)
Remote Media
Files used by Remote Media can be redirected from a NFS or CIFS network file share
The 'Remote Images Settings' dialog allows enabling or disabling remote images redirection and configuring the network location where the image files are available
Configuring remote images for use with Remote Media
What is IPMI
– A standardized message-based hardware-level interface specification for out-of-band management
Lenovo fully implements the IPMI 2.0 standard, and adds additional capability with published OEM commands
IPMI commands are supported over the following interfaces
– IPMI Over LAN
– Allows remote management of a server by sending industry standard IPMI command line commands to the TMM over the LAN
– IPMI In-band interface (KCS)
– Uses Operating System IPMI driver
IPMI Interfaces
[Figure panels: IPMI over LAN; IPMI over in-band KCS I/F]
Lenovo OEM Commands | NetFn | Command
Set LED Status Command | 0x3A | 0x01
Get Fan LED Status Command | 0x3A | 0x02
Get Active Thermal Profile Command | 0x3A | 0x03
Set Thermal Profile Command | 0x3A | 0x04
Manage Thermal Configuration File Command | 0x3A | 0x05
Get DIMM CLTT Configuration Command | 0x3A | 0x06
Set DIMM CLTT Configuration Command | 0x3A | 0x07
Get Thermal Profile Name Command | 0x3A | 0x08
Get Thermal Profile List Command | 0x3A | 0x09
Get Inventory Data Command | 0x3A | 0x0a
Get Recovery Image Boot Info Command | 0x3A | 0x0b
Set Recovery Image Boot Info Command | 0x3A | 0x0c
Get Internal Sensor Reading Command | 0x3A | 0x0e
Get Platform ID Command | 0x3A | 0x0f
Get CPU and DIMM temperature | 0x3A | 0x11
Get Thermal Inventory Info Command | 0x3A | 0x12
Get iKVM Key status | 0x3A | 0x13
iKVM software Key Create | 0x3A | 0x14
IPMI Lenovo OEM Commands
Lenovo OEM Commands | NetFn | Command
Media Service Control | 0x3A | 0x15
Set Power logging Configuration | 0x3a | 0x17
Get Power log Info | 0x3a | 0x18
Get Power Log Data | 0x3a | 0x19
Set PSU Redundancy Mode | 0x3a | 0x1a
Get PSU Redundancy Mode | 0x3a | 0x1b
Set WEB Directory | 0x3A | 0x22
Set Fan Duty Cycle Command | 0x3A | 0x30
Get Fan Duty Cycle Command | 0x3A | 0x31
Set Fan Mode Command | 0x3A | 0x32
Get Fan Mode Command | 0x3A | 0x33
Initialize SD partitions | 0x3A | 0x34
Check SD partition status | 0x3A | 0x35
Remount SD partitions | 0x3A | 0x36
Set GPIO Status | 0x3A | 0x37
Get GPIO Status | 0x3A | 0x38
Set Mezz Interface Control | 0x3A | 0x3a
Get Mezz Interface Control | 0x3A | 0x3b
DCMI is an industry specification that defines a simplified, reliable, interoperable management interface
Addresses the unique requirements of server platform management within Internet Portal Data Centers (IPDC) and other High Density Data Centers where large numbers (into the tens of thousands) of servers are deployed
Based on the IPMI 2.0 standard; commands and extensions deliver the majority of the capabilities required by high density data centers
– Platform identification
– Sensor status and logging
– Simplified power management
DCMI is used by ThinkServer Energy Manager to interface with TSM and power management functions (Intel Node Power Manager)
Data Center Manageability Interface (DCMI)
Windows PowerShell is a task-based command-line shell and scripting language that helps IT administrators automate server management
– Leverage common tools for script development and advanced automation tasks
– Abstracts complexities of the underlying APIs used to communicate with the TSM
The ThinkServer System Manager Command Line Interface (TSMCLI) is a PowerShell module
The CLI communicates with the BMC using HTTP or HTTPS
Provides direct access to management functions as an alternative to the web-based user interface and also as a way to script tasks for execution in multiple servers
Many features and functions available thru IPMI and the Web I/F are supported by the CLI
PowerShell CLI
Invoke-TMMCLI [-CommandName] <COMMAND_NAME> [COMMAND_PARAMETERS] [-CommandArgs] @{[COMMAND_ARGUMENTS]}
<COMMAND_NAME> is the TSMCLI command which will be executed. Examples: "get-help", "get-users", "set-nicsettings".
[COMMAND_PARAMETERS] are items that specify additional information such as the name of the ThinkServer to address, authentication method and credentials, etc.
[COMMAND_ARGUMENTS] specifies additional arguments specific to each TSMCLI command.
Configure Date and Time / NTP Servers
User Management
SSL Certificates Management
Server Power Control
Configure / Recover TSM Configuration
Firmware Management and Update for supported devices
Configure / Manage Network Configuration
Configure Network Services
Configure Front Panel Operator Buttons
Monitor / Manage Sensors
Read FRU inventory
Manage Virtual Media
Manage Event Logs
Configure and Manage Event Notifications
PowerShell CLI Supported Operations Summary
Date and Time:
– Get current time
– Set current time
– Configure NTP
User Management:
– Add user
– Modify user
– Delete user
– Configure user privileges
– Configure AD authentication
– Configure LDAP/LDAPS authentication
– Configure PAM order
– Configure WebUI session timeout
SSL Certificates:
– Get SSL certificate
– Upload SSL certificate
Server Power Control:
– Power up
– Power down immediately
– Power down gracefully (ACPI)
– Power cycle
– Reset
TSM Configuration:
– Back up configuration
– Restore configuration
– Reset to default configuration
Firmware Management (for devices that support it, such as BMC, BIOS, TDM, Windows Drivers, Linux Drivers...):
– Get firmware version
– Update firmware
PowerShell CLI Supported Operations Detail
Network Configuration:
– IPv4 settings (manual and DHCP)
– IPv6 settings (manual and DHCP)
– DNS server
– Default gateway
– VLAN
– Configure IP Blacklist
– Configure Port Blacklist
Network Services:
– Configure HTTP port
– Configure HTTPS port
– Configure SSH port
– Configure KVM ports
– Configure Telnet ports
Panels and Buttons:
– Configure power button (enable/disable)
Sensors:
– Power supply voltage
– Power supply temperature
– Power supply consumption
– Power supply data reporting
– CPU
– Memory
– System temperature
– Inlet temperature
– Devices temperature (for the devices that have this information exposed through the BMC)
– Devices voltage (for the devices that have this information exposed through the BMC)
– Devices status (for the devices that have this information exposed through the BMC)
– Devices presence (for the devices that have this information exposed through the BMC)
Sensors (cont):
– Fan fault
– Fan speed
– I/O subsystems
– HBA
– Chassis intrusion
– Removal/insertion of all externally accessible and enabled storage
– BMC software health status
– BMC hardware health status
Read FRU inventory
Serial Ports:
– Configure Serial over LAN
Remote Media:
– Get remote media information
– Mount / unmount remote media (CD/DVD, USB, HD)
PowerShell CLI Supported Operations Detail (cont.)
Log Management:
– Read SEL
– Clear SEL
– Read audit log
– Configure audit log (Enable/Disable)
Notifications:
– List event filters
– Get event filter
– Create event filter
– Delete event filter
– Modify event filter
– Configure e-mail settings
– Configure SNMP settings
Systems Management Architecture for Server Hardware (SMASH) is a suite of specifications to facilitate the management of a data center, independent of vendor, topology, or operating system
– Defines a common architectural model (CIM), standard protocols, and profiles
The SMASH initiative includes two methods of interaction:
– Server Management Command Line Protocol (CLP)
  – A command line syntax allowing an operator or a script to execute common system tasks over a text-based transport protocol
  – SMASH CLP interface is accessed with a CLI to the TSM using Telnet or SSH over LAN
– WS-Management (WS-MAN)
  – A Web services interface for system management
  – WS-MAN is a programmatic interface used by management consoles over LAN
SMASH Interfaces
No | Profile | Required
1 | Base Server Profile | Y
2 | Boot Control Profile | Y
3 | Service Processor Profile | Y
4 | CLP Service Profile | Y
5 | CPU Profile | Y
6 | Device Tray Profile |
7 | DHCP Client Profile | Y
8 | DNS Client Profile | Y
9 | Ethernet Port Profile | Y
10 | Fan Profile | Y
11 | IP Interface Profile | Y
12 | Modular System Profile |
13 | Pass-through Module Profile |
14 | Physical Asset Profile | Y
15 | Power State MGMT Profile | Y
16 | Power Supply Profile | Y
17 | Record Log Profile | Y
18 | Role Based Authorization Profile | Y
19 | Sensors Profile | Y
20 | Shared Device MGMT Profile |
21 | Simple Identity MGMT Profile | Y
22 | SM CLP Admin Domain Profile | Y
23 | SMASH Collections Profile | Y
24 | Software Inventory Profile |
25 | Software Update Profile |
26 | SSH Service Profile | Y
27 | System Memory Profile | Y
28 | Telnet Service Profile |
29 | Text Console Redirection Profile | Y
30 | Watchdog Profile | Y
31 | KVM Redirection Profile | Y
32 | PCI Device Profile | Y
33 | OS Status Profile | Y
34 | Indicator LED Profile | Y
35 | Indications Profile | Y
36 | SMI-S Host Hardware Raid Controller Profile | Y
SMASH Profiles Supported
TSM supports all required and optional SMASH Profiles
Provides a mechanism to redirect a text serial console
Methods
– IPMI Serial over LAN (SOL) over server management LAN
– Telnet/SSH session over LAN – SMASH-CLI command to start console redirection
– Serial Console Redirection direct server serial port connection (TSM not involved)
Provides software, or user at remote console, means of remote text based KVM
– Serial text-based interfaces (e.g. BIOS setup, RAID configuration)
– Operating system command-line interfaces (e.g. DOS, Linux consoles)
– Serial text-based applications
Serial Console Redirection
IPMI Serial over LAN (SOL)
Telnet / SSH session
Serial Port Console Redirection
Configure the serial output so TSM can be remotely viewed over the LAN
1. Configure Serial Port settings in BIOS
a. Configure COM port settings (Baud, etc.)
b. Enable "Console Redirection"
2. Configure TSM IPMI SOL Settings – Match COM port settings.
3. Configure TSM accounts to allow access on LAN
4. Start IPMI SOL Session
Configuring IPMI SOL
Configure the serial output of the server so console can be remotely viewed over serial connection (TSM is not involved)
1. Use serial console application
2. Connect (null-modem) serial cable to ThinkServer serial port (COM1)
3. Configure console redirection in BIOS
a. Enable "Console Redirection/SOL"
b. Enable "Redirection After BIOS POST"
c. Configure COM port settings (Baud, etc.)
4. Configure terminal client COM port settings – match settings on server
5. Terminal app will display all text based output as shown on local server monitor
Configuring Serial Console Redirection
The TSM supports SNMP v3 using both IPv4 and IPv6
– IPMI SNMP traps (alerts)
– SNMP get IPMI command (Status information)
An SNMP Management Information Base file (MIB) is provided to enable integration into SNMP based management applications
– one for GETS
– one for TRAPS
One default SNMP Community is supported (community1)
SNMP is enabled for local user accounts in user management tab
– Supports SHA, MD5 authentication
– Supports DES, AES encryption
SNMP
Using a comprehensive network of sensors and watchdog timers, TSM monitors:
– System operational status including power state
– Environmental information including temperatures, voltages, fan speed readings, bus errors, etc.
– Manual or system driven recovery actions – local or remote system resets and power on/off operations
Logs record abnormal or 'out-of-range' conditions, and important system events for later examination and alerting, without operating system intervention
System status sensor data is accessible via Web, IPMI, SMASH-CLI, WS-Man, and PowerShell CLI
Sensor definitions can be discovered using the IPMI Sensor Data Records (SDRs) and sensor device commands
System Status LED provides quick visual identification of error conditions
Monitoring System Status
The TSM can notify users or management applications when a system fault or important state change occurs
Events are categorized as:
– Critical – system failure
– Warning – possible pending issue
– Information – general status
Platform Event Filters (PEF) provide a mechanism to configure specific actions to be performed on certain events. Specific actions include:
– Power Actions – Do Nothing, Power Down, Power Reset, Power Cycle
– Trigger remote alert via Platform Events Trap (PET) or email
Remote notification can occur via the following methods:
– SNMP Traps via Ethernet only
– SNMP MIB provides specific information about the alert
– Address is configurable for each local user and each Alert LAN Destination can have one local user assigned
– Reports TSM host name, sensor name, sensor type, failure description
– CIM events sent to clients that have registered to receive indications
Error Reporting with Remote Alerts
Email address is configurable for each local user and each Alert LAN Destination can have one local user assigned
Reports
– TSM host name
– Sensor name
– Sensor type
– Severity
– Failure description
Similar information to that recorded in the SEL
Email Alert Contents
System Event Log (SEL)
– Records events related to the sensors available in the TSM
– SEL is accessible in web server and can be filtered and sorted
– Accommodates over 3000 unique entries – alert can be configured when log full or past a certain threshold
Extended SEL
– Provides correlated data to IPMI SEL events – additional information not saved in IPMI SEL
Audit Log
– Records events related to actions performed by the users including logging on, password changes, etc.
– Audit log can be disabled, so that no new events are registered to this log
Event Logs
LED | Location | Color | Possible states and Indicated Conditions
System Fault | Front Panel | Amber | On – Fault; Off – System Status OK
Unit Identification* | Front Panel, Motherboard | Blue | On – Attention; Off – No action
BMC heart beat | Motherboard | Green | On – Fault; Off – Fault; Blink – Health Status OK
FAN | Motherboard | Amber | On – Fan Fault; Off – OK
PSU Fault | Power Supply (rear panel) | Amber | On – PSU Fault; Off – OK
System Status LEDs
* Controlled by front panel ID button and IPMI command
Sensor Type | Sensor Name
Temperature | Ambient Temp, Exhaust Temp, CPU1 DTS, CPU2 DTS
Voltage | System 3.3V, System 5V, System 12V, AUX 1.2V, AUX 1.26V, AUX 1.5V, AUX 3.3V, PCH 1.05V, PCH 1.5V, CPU Core, CPU1 VR, CPU2 VR, DIMM AB 0.6v, DIMM AB VR, DIMM CD 0.6v, DIMM CD VR, DIMM EF 0.6v, DIMM EF VR, DIMM GH 0.6v, DIMM GH VR
Power | System Power, CPU Power, DIMM Power, PSU1 Power, PSU2 Power
Sensor Definitions (Supported with PEFs)
Sensor Type Sensor Name
Fans Speed Fan (1), Fan (2), … Fan (n)
Physical Security Chassis Intrusion
Processor CPU Fault
CPU Usage
Power Supply Status
PSU Overload
PSU Fault
PSU Redundancy Lost
System Power State Host Power (Power on / Power up)
Memory DIMM Fault
Drive Slots (General) HDD (Drive added, removed, offline, PFA)
System Firmware Progress BIOS
Event Logging Disabled SEL Full
Watchdog Timer Watchdog Trip
Sensors are organized into the following categories:
– Temperature
– Voltage
– Fan
– Power Supply
– Others
Click corresponding tab to view sensors in that category
– Sensors presented in a table with the current readings
– Green = OK
– Orange = Warning
– Red = Critical
– Grey = Additional sensor data not available (via link)
Viewing Sensors from the Web Interface
Clicking a sensor name opens another dialog with detailed sensor information
– Current reading
– Sensor Thresholds
– Chart representing events logged in the SEL for this sensor
Sensor thresholds
– Lower Non-Recoverable
– Lower Critical
– Lower Non-Critical
– Upper Non-Critical
– Upper Critical
– Upper Non-Recoverable
Web Interface – Detailed Sensor Information
PEF Management provides mechanism to configure specific actions to be performed on particular event messages
Actions include reboot, power cycle, power off, and trigger an alert (Platform Events Trap [PET] and/or e-mail)
To configure a PEF:
1. Add a "LAN Destination"
2. Add an "Alert Policy" using the previously created "LAN Destination" and associate it with a specific policy number
3. Add an "Event Filter" using the same policy number used in the step above
Configuring Platform Event Filters (PEFs)
The Event Filter tab displays a table with event filters
currently in use. Filters can be managed from this tab.
Two types of LAN destinations – SNMP Trap or Email Alert
– SNMP Trap sends alert message to an IPv4 or IPv6 address
– Email alert provides static subject and message fields
Configuring LAN Destinations
– The LAN Destination tab displays all existing LAN destinations
– An Alert Policy requires at least one LAN Destination, but can have many
Configuring PEFs – LAN Destinations
62
Alert Policies define
– When to send the alert defined by "Policy Set"
– Where to send the alert selected from pre-defined list of "LAN Destinations"
– Additional information to send in selectable "Alert String"
Configuring Alert Policies
– Alert policies have a "Policy Number" that will be associated with the event filter
– Multiple alert policies with the same Policy Number can be triggered by the same event filter
Configuring PEFs – Alert Policies
The Alert Policy tab displays all existing Alert policies
Configuring an Event Filter – Specify:
– The severity of the event that will trigger the alert – "Event Filter Configuration"
  – Monitor, Information, Normal, Non-Critical, Critical, Non-Recoverable, Unspecified
– Which sensor to monitor – "Sensor Configuration"
– What action to take when the event is triggered – "Filter Action"
  – Which Alert Policy to associate with this filter – multiple policies can be selected
  – What Power Action to take (Do Nothing, Power Down, Power Reset, Power Cycle)
– IPMI Generator ID, and Event Data Configuration exposed for detailed event creation
Configuring PEFs – Event Filters
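The chain described above (LAN Destination, then Alert Policy, then Event Filter, tied together by a policy number) can be checked for broken links before it is relied on for alerting. The following Python sketch is an added example, not TSM code; the class names, field names and sample configuration are constructed, and event matching is simplified to an exact sensor and severity match.

```python
# Added illustration of the PEF chain in the slides; not TSM firmware or CLI
# code. Field names and sample values are constructed for this example.
from dataclasses import dataclass

@dataclass
class AlertPolicy:
    policy_number: int
    destination: str            # name of a LAN Destination

@dataclass
class EventFilter:
    sensor: str                 # "Sensor Configuration"
    severity: str               # "Event Filter Configuration"
    policy_number: int          # links the filter to alert policies
    power_action: str = "Do Nothing"

def lint(destinations, policies, filters):
    """Return configuration problems that would silently drop alerts."""
    problems = []
    for p in policies:
        if p.destination not in destinations:
            problems.append(
                f"policy {p.policy_number}: unknown destination {p.destination!r}")
    live = {p.policy_number for p in policies if p.destination in destinations}
    for f in filters:
        if f.policy_number not in live:
            problems.append(
                f"filter {f.sensor}/{f.severity}: no usable policy {f.policy_number}")
    return problems

def resolve(sensor, severity, destinations, policies, filters):
    """Return (alert targets, power actions) for one event (exact match)."""
    targets, actions = [], []
    for f in filters:
        if (f.sensor, f.severity) != (sensor, severity):
            continue
        actions.append(f.power_action)
        for p in policies:      # every policy sharing the number fires
            if (p.policy_number == f.policy_number
                    and p.destination in destinations):
                targets.append(destinations[p.destination])
    return targets, actions

# Constructed sample configuration (documentation addresses only).
DESTS = {"noc-trap": ("snmp", "192.0.2.10"),
         "ops-mail": ("email", "ops@example.com")}
POLICIES = [AlertPolicy(1, "noc-trap"), AlertPolicy(1, "ops-mail"),
            AlertPolicy(2, "pager")]        # "pager" was never defined
FILTERS = [EventFilter("CPU Temp", "Critical", 1, "Power Down"),
           EventFilter("PSU1", "Critical", 2)]
```

In the sample, the PSU1 filter still carries out its power action but notifies nobody, because policy 2 points at a destination that does not exist.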
Email notifications can be sent to users when:
– Status of the system changes or a critical error happens
– A local user has forgotten their password
Configure SMTP servers
– Sender address – email address to appear in the "from" field of the email
– Machine name – TSM host name
– Primary and secondary destination SMTP server IPv4 address and port number (default is 25)
– SMTP server authentication if required
Configuring Email Alerts
| Interface | BIOS | TSM | RAID Controllers |
| --- | --- | --- | --- |
| UEFI Interface (BIOS Pre-boot) | Yes | Yes | Yes |
| TSM Web Interface | No | Yes | No |
| PowerShell CLI | No | Yes | No |
| IPMI | No | Yes | No |
| CIM Interfaces (SMASH CLI, WS-Man) | No | No | No |
| SNMP | No | No | No |
ThinkServer Configuration
| Configuration Item | Web | PowerShell | IPMI | WS-Man | SMASH-CLI |
| --- | --- | --- | --- | --- | --- |
| Server Power Button | Yes | Yes | Yes | Yes | Yes |
| Local User accounts and privileges | Yes | Yes | Yes | Yes | Only Account settings allowed, not Privilege |
| Active Directory / LDAP configuration and accounts | Yes | No | Yes | No | No |
| Network settings for each interface | Yes | Yes | Yes | Yes | No |
| Virtual console and virtual media enablement and configuration | Yes | Virtual media only | Yes | Service Enablement allowed, but not other configurations or media redirection | Only Service Enablement allowed |
| Notification settings – SNMP traps, SMTP Configurations | Yes | Yes | Yes | Yes | No |
| NTP client configuration | Yes | No | Yes | No (Date and time can be set) | No (Date and time can be set) |
| Security certificates management | Yes | No | Yes | No | No |
| Services Management | Yes | Only Enable/Disabled allowed | Yes | Only Enable/Disabled allowed | Only Enable/Disabled allowed |
| Session timeouts | Yes | No | Yes | No | No |
| Firewall | Yes | No | Yes | No | No |
| Platform Event Filters | Yes | Yes | Yes | Yes | No |
| IPMI Serial Over LAN (SOL) | Yes | No | Yes | No | Yes |
| Thermal and power capping profiles | Via DCMI | No | Yes | No | No |
TSM Configuration Support
Backup and Restore
– All TSM settings can be preserved to a local file
– Settings can be restored by importing a previously saved configuration file
– Restore operations require the TSM to be rebooted (but not the server)
All TSM settings are saved if a firmware upgrade is performed
A TSM factory reset resets all settings to default values
TSM Configuration Backup and Restore
TSM network port selectable
– Shared with OS / multiple MAC addresses
– Dedicated
Addressing
– IPv4 or IPv6 supported (IPv6 can be disabled)
– IP address obtained from DHCP server or assigned statically
Supports VLAN
– VLAN ID (2-4094)
– Priority (1-7)
Network Configuration
DNS enables a DNS server to translate host names into IP addresses
TSM Host Name supports manual or automatic configuration (assigned MAC address)
Multicast DNS (mDNS) support
– provides a zero configuration host name resolution service
DDNS support methods for host name registration
– Nsupdate (Direct Dynamic DNS)
– Supports TSIG authentication if required – a TSIG private file will be needed
– DHCP Client FQDN to register through DHCP server
– Hostname
– None
DNS Settings
Configures network link speed and duplex mode
'Auto Negotiation' enables link speed and duplex mode to be set automatically to achieve the best possible performance
Link can only be configured when TSM NIC is in Dedicated mode
Link Speed
| Service | Default Non-Secure Port | Default Secure Port | Max Sessions | Port Configurable? | Session Timeout Configurable? |
| --- | --- | --- | --- | --- | --- |
| Web (HTTP / HTTPS) | 80 | 443 | 20 | Yes | Yes (5 – 30 min) |
| Telnet | 23 | N/A | N/A | Yes | Yes (1 – 30 min) |
| SSH | N/A | 22 | N/A | Yes | Yes (1 – 30 min) |
| SNMP Agent | 161 | N/A | N/A | Yes | No |
| SNMP Traps | 162 | N/A | N/A | No | No |
| Remote KVM | 7578 | 7582 | 4 | No | Yes (5 – 30 min) |
| Remote Media (HDD) | 5123 | 5127 | 3 | No | No |
| Remote Media (CD/DVD) | 5120 | 5124 | 1 | No | No |
| Network Time Protocol | 123 | N/A | N/A | No | No |
| SLP | 427 | N/A | N/A | No | No |
| SMTP (email alerts) | 25 | N/A | N/A | Yes | No |
| DHCP Client | 68 | N/A | N/A | No | No |
| DNS Client | 53 | N/A | N/A | No | No |
| LDAP / LDAPS | 389 | 636 | N/A | Yes | No |
| Active Directory | 389 | 636 | N/A | Yes | No |
| WS-Man | 5988 | 5989 | N/A | No | No |
| SMASH-CLI | N/A | N/A | 3 | No | Yes (1 – 30 min) |
Service Management
User authentication through LDAP / Active Directory, or 9 local hardware-stored user accounts and passwords
Role-based authorization
– Enables administrators to configure specific privileges for each user
– Public Key Authentication: Allows for the use of a private key to authenticate over SSH instead of the typical user name/password authentication
Interface Security
– Session time-out: Provides automatic session time-out for inactivity (Web, Telnet, SSH, KVM)
– Firewall configurable to block network traffic based on IP address or network port
Configurable Network Service ports
– Allows customization of ports used by TSM services
Security settings configurable through the Web interface, PowerShell CLI, and IPMI
Encryption secured with 256-bit Secure Sockets Layer (SSL)
– Secure Web-server (HTTPS)
– Secure LDAP (LDAPS)
– Supports Virtual Console and Virtual Media encryption
The TSM supports terminal connections to clients using SSH version 2.0
– SSH uses user ID and password pairs stored in local user accounts or AD/LDAP server
– Supports the following encryption algorithms:
– 3DES, Blowfish, RC4, AES
VLAN support
– Enables management traffic to be located in a private "management VLAN" in both dedicated and shared network modes
– VLAN groups can be used to limit network access to devices subscribed to the VLAN group
TSM Security Features
Used to define rules to prevent network traffic to or from specific IP addresses and ports
– Block specific IP address or range of IP addresses
– Block all TCP or UDP communication through specific port or range of port numbers
Firewall
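An added example, not TSM code: given the default non-secure ports from the Service Management table and block rules of the two kinds the firewall supports (by IP address or range, and by TCP/UDP port or range), this Python sketch lists the cleartext services still reachable from a source address. The rule format, the TCP/UDP column and the sample rules are assumptions made for the example.

```python
# Added illustration (not TSM code): which default non-secure service ports
# from the Service Management table stay reachable under a set of block rules.
import ipaddress

# (service, non-secure port, secure port or None, transport). Ports are copied
# from the table; the transport is an assumption, the slides do not state it.
SERVICES = [
    ("Web (HTTP)",            80,   443,  "tcp"),
    ("Telnet",                23,   None, "tcp"),
    ("SNMP Agent",            161,  None, "udp"),
    ("Remote KVM",            7578, 7582, "tcp"),
    ("Remote Media (HDD)",    5123, 5127, "tcp"),
    ("Remote Media (CD/DVD)", 5120, 5124, "tcp"),
    ("WS-Man",                5988, 5989, "tcp"),
]

def source_blocked(source_ip, ip_blocks):
    """True if source_ip falls in any blocked address or range (CIDR)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(block, strict=False)
               for block in ip_blocks)

def port_blocked(port, proto, port_blocks):
    """port_blocks: (proto, first_port, last_port) tuples, inclusive."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in port_blocks)

def exposed_cleartext(source_ip, ip_blocks, port_blocks):
    """List (service, port, advice) still reachable from source_ip."""
    if source_blocked(source_ip, ip_blocks):
        return []
    findings = []
    for name, port, secure, proto in SERVICES:
        if port_blocked(port, proto, port_blocks):
            continue
        advice = (f"use secure port {secure}" if secure
                  else "no secure port listed; disable or restrict")
        findings.append((name, port, advice))
    return findings

# Constructed rule set: one blocked subnet, Telnet blocked, and the remote
# media non-secure ports 5120-5123 blocked as a range.
IP_BLOCKS = ["198.51.100.0/24"]
PORT_BLOCKS = [("tcp", 23, 23), ("tcp", 5120, 5123)]
```

With the sample rules, HTTP, the SNMP agent, non-secure KVM and non-secure WS-Man remain reachable from any address outside the blocked subnet.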
SSL and SSH require valid certificates and corresponding private encryption keys.
The following methods for generating or importing the private key and required certificate are supported:
– Generate and install a self-signed X.509 certificate
– Import a signed DER encoded X.509 certificate
Certificates are saved across firmware updates when flashing to a newer code level
– Information not guaranteed to be saved if flashing to an older code level
Certificates
TSM supports three methods of authentication
– Local authentication – user account and privileges info stored in TSM non-volatile storage
– Active Directory – user authenticated via remote A.D. server
– LDAP – user authenticated via remote LDAP server
Multiple methods can be used – order of authentication can be specified. By default, the TMM tries to authenticate user credentials in the following order:
– Locally
– LDAP (if enabled)
– Active Directory (if enabled)
Authentication is required on all interfaces except for SNMPv1 and in-band KCS interface
A forgotten-password mechanism is available for local users that have a valid email address registered in TSM
TSM Authentication
Up to 5 Active Directory and LDAP groups supported
No modifications to the directory schema
LDAPS supported (TLS, SSL) – Certificate management in LDAP settings
| Feature | Administrator | Operator | User |
| --- | --- | --- | --- |
| Dashboard | Can view, configure, control all settings | Can view all information | Can view System Summary, Latest Event Logs, Sensors, Launch Console (if privilege granted) |
| Backup and Restore | Can perform | | |
| Factory Reset | Can perform | | |
| Firewall | Can view and configure | Can view settings | |
| Firmware Update | Can perform | | |
| FRU Inventory | Can view | Can view | Can view |
| Logging - Event Log | Can view and clear log | Can view log | Can view log |
| Logging - SEL Record Details | Can view | Can view log | Can view log |
| Logging - Audit Log | Can view log. Can enable/disable log | Can view log | Can view log |
| Networking – NIC, DNS, Link | Can view and configure | Can view | |
| NTP Settings | Can view and configure | Can view | |
| PEF Management | Can view and configure | Can view | |
| Power Management - Power Status | Can perform | Can view | Can view |
| Power Management - Power Button | Can perform | | |
| Sensor Monitoring | Can view sensors and sensor detail | Can view sensors | Can view sensors |
| Serial Over LAN | Can view and configure | Can view | |
| Services Management | Can view and configure services and manage active sessions | Can view services | Can view services |
| SMTP Settings | Can view and configure | Can view | |
| SSL Certificate Settings | Can view and configure | Can view | Can view |
| Users - Local Users, Active Directory, LDAP | Can view and configure | Can view | |
| Users - Authentication Order | Can view and configure | Can view | |
| Virtual Console - Console Launcher | View console screenshot and launch console if privilege granted. | View console screenshot and launch console if privilege granted. | View console screenshot and launch console if privilege granted. |
| Virtual Console - Settings | Can view and configure | Can view | Can view |
| Virtual Console - Remote Images | Can view and configure | Can view | Can view |
Privilege Levels
| User Interface | Local Accounts | LDAP | Active Directory |
| --- | --- | --- | --- |
| Web Interface | Yes | Yes | Yes |
| WS-MAN | Yes | Yes | Yes |
| SMASH-CLI | Yes | Yes | Yes |
| IPMI | Yes | No | No |
| IPMI SOL | Yes | No | No |
| SNMPv3 | Yes | No | No |
Access Credentials Supported by Authentication Method
| User ID | User Name | Default Password | Default Status | User Role | KVM | Virtual Media | SNMP (Gets) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| | anonymous | | Enabled (Hidden) | Administrator | Enabled | Enabled | Disabled |
| 1 | lenovo | len0vO | Enabled | Administrator | Enabled | Enabled | Disabled |
Default User Profiles
Configure local user account access via SNMP
– Select authentication mode and method of encryption
Can use SSH certificate for logging in without a password
Additional Local User Account Controls
The TSM provides a detailed record of components currently installed in the system
FRU data available from Web I/F, IPMI, PowerShell CLI, WS-Man, SMASH-CLI
FRU data is refreshed at every reboot or TSM reset
FRUs tracked include:
– AnyRAID adapters
– HDD / SSD Drives
– Riser Card
– PSUs
– AnyFabric Mezzanine cards
– Mid Plane cards
– Back Plane cards
– DIMMs
– CPUs
The FRU Inventory dialog lists all the existing FRUs and provides detailed information about them, such as:
– Chassis: type, serial number, part number, and others.
– Board: manufacturer, product name, serial number, part number, and others.
– Product: manufacturer, part number, version, and others.
Use the dropdown list at the top of the page to select a specific FRU and obtain product details
FRU Monitoring and Component Tracking
Supports updates for TSM, BIOS, ThinkServer Deployment Manager, AnyRAID Mid-plane cards, Mezzanine Card, PSUs
Firmware update packages can be uploaded from local computer, or networked location (CIFS, NFS, and TFTP shares supported)
– Packages can be signed
After update bundles transferred to TSM, only applicable updates will be enabled
Automatic Rollback of BIOS and TSM firmware to last known good recovery image if firmware image is corrupted
– An IPMI OEM command is available to force boot from the recovery image instead of the primary image
– Version downgrade is not supported
Methods of update
– Web
– PowerShell CLI
– Flash Utilities (OS application)
Firmware Update Support
Firmware Update via Web Interface
Partition 1
– Backup of BMC image. BMC uses data in this partition to recover from corrupted primary image.
Partition 2
– Used primarily for host access. Stores images for local media. Host accesses these images as virtual disks and devices.
– TDM image – TDM can recover or upgrade from this image.
– Windows driver image / Linux driver image – Drivers required for OS installation can be found here without network access.
– Diagnostic image – Diagnostics
– Temporary image – Used in the process of maintaining the images. If a sudden power loss happens while updating images, temporary image is used for recovery in next power on.
Partition 3
– This partition is mainly accessed as BMC external storage.
– Extended SEL Log
– Debug Logs – Stores debug information including IPMI request and response logging. This logging can be switched dynamically via OEM IPMI command.
– Configurations that need to be preserved even during reset to defaults.
– Backup images of BIOS, TDM, and CPLD. These devices can be recovered using these images.
Partition 4
– Reserved for future use
Firmware Recovery – Layout of EMMC
Power Management Controls allow monitoring and manipulating the power status of the ThinkServer
– Power On – Power on the server immediately
– Power Off Gracefully – The TSM attempts to shut down the operating system and then turns off the server
– Power Off Immediately – Turns the server off without shutting down the operating system
– Reset – The TSM restarts the server by rebooting the system without powering off
– Power Cycle – The TSM restarts the server by powering down the server without shutting down the operating system, and then reboots the system
Power Management Server Power Button enables / disables the front panel power switch on the server
Power / Reset Control
TSM Premium enables ThinkServer Energy Manager support
Licenses features of integrated Intel Node Manager 3.0 accessible through standard DCMI interface
– Monitors and reports system level power, temperature, and utilization metrics
– Enforces power cap policies by adjusting processor frequency scaling and dynamic voltage adjustment
Data from various sensors captured to compute the system level power consumed.
Power capping policies sent from Energy Manager are dynamically accepted and enforced by Node Manager closed-loop controls.